Integrated: 8280401: [sspi] gss_accept_sec_context leaves output_token uninitialized
Weijun Wang
weijun at openjdk.java.net
Fri Jan 21 03:19:50 UTC 2022
On Thu, 20 Jan 2022 18:19:19 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> Set `output_token` to empty. It is always accessed (even for a `GSS_S_FAILURE`) at https://github.com/openjdk/jdk/blob/cfa3f7493149170f2b23a516bc95110dab43fd06/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c#L1160.
This pull request has now been integrated.
Changeset: 6352c020
Author: Weijun Wang <weijun at openjdk.org>
URL: https://git.openjdk.java.net/jdk/commit/6352c020c25f2701afb4fabee0cc7fcef2d407fb
Stats: 5 lines in 1 file changed: 4 ins; 0 del; 1 mod
8280401: [sspi] gss_accept_sec_context leaves output_token uninitialized
Reviewed-by: valeriep
-------------
PR: https://git.openjdk.java.net/jdk/pull/7163
More information about the security-dev
mailing list